YPG employee data possibly compromised

The personal information of more than 700 Yuma Proving Ground employees may be at risk of identity theft because a home computer that contained their data may have been compromised.

According to YPG spokesman Chuck Wullenjohn, personnel information from 2005-2007, which included the names and Social Security numbers of the employees at that time, was being stored on the personal home computer of an employee of the installation's Resource Management Division.

That information, which was being maintained by the Department of the Army, could have been compromised and possibly accessed during that time because the employee's computer may have picked up a virus from the Internet, Wullenjohn said.

"We don't know for sure if the computer was subject to a malware attack, but on the other hand we don't know that it wasn't," Wullenjohn said. "We are alerting the employees as a precaution."

Malware is short for malicious software. Essentially it is software that has been designed to infiltrate a computer system without the owner's informed consent.

The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, software or program code. The term computer virus is sometimes used as a catch-all phrase to include all types of malware, including true viruses.

Wullenjohn said the employee took home the information and put it on a home computer in an effort to support the base's continuity of operations plan, which is designed to ensure that payroll data could be accessed, updated and then entered into resource management division payroll systems in a timely manner in the event YPG was shut down due to the loss of power, flood or other unforeseen occurrence.

However, Wullenjohn said the resource management division employee did not have the authorization to store the personal information on their home computer.

"It is against Army regulations and was not authorized," Wullenjohn said.

Wullenjohn said YPG learned of the possible computer breach when the resource management division employee reported on Jan. 26 that they were having problems with their home computer and reported it to the base's Security and Information Assurance Division, which conducted an investigation.

Wullenjohn said a letter has been sent to all the employees affected by the incident, informing them about what had happened and offering them suggestions as what actions to take to protect their identity.

According to the letter, "expert analysis of the computer was unable to conclusively determine whether unauthorized access or removal of any information occurred, but they believe the probability is low."

The letter also states, "Although we cannot say with certainty, based on the circumstances we believe the probability is moderate that the information will be acquired and used for unlawful purposes."

"We therefore believe that you should consider taking such actions as are possible to protect against the potential that someone might use the information to steal your identity."

Wullenjohn, whose personal information was among the data that could have been comprised, said so far there have been no reports from any employee of the unlawful use of their personal information.

Wullenjohn also said the Army has taken the matter very seriously and is reviewing current policies and practices to make sure something like this doesn't happen again.